App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat.
CVEID:CVE-2020-13943
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to see the responses for unexpected resources, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189643 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
App Connect Professional v 7.5.3.0
App Connect Professional v 7.5.4.0
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
App Connect Professional | 7.5.4.0 | LI81933 | 7540 Fixcentral link |
App Connect Professional | 7.5.3.0 | LI81933 | 7530 Fixcentral link |
None
CPE | Name | Operator | Version |
---|---|---|---|
app connect professional v | eq | 7.5.3.0 | |
app connect professional v | eq | 7.5.4.0 |